cloud_controller_ng
`v3/Roles` regression in functionality migration from V2
Thanks for submitting an issue to cloud_controller_ng. We are always trying to improve! To help us, please fill out the following template.
Issue
V3 migration: Lost functionality to remove your own Org roles without the Org Manager role.
Context
`DELETE /v2/organizations/:guid/:type/:uaaGuid` allows you to delete yourself, e.g. removing your own Org User role without having Org Manager roles.
Using `DELETE /v3/roles/:guid` this is no longer the case.
Steps to Reproduce
Using V3:
- Have the Org User role or Org Auditor without the Org Manager role.
- Try to delete the Org User or Org Auditor role.
Expected result
Allows you to delete the Role normally
Current result
Returns with error: "You are not authorized to perform the requested action"
CF curl error screenshot

We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/175403782
The labels on this github issue will be updated when the story is started.
This kind of makes sense because you are not allowed to change Org permissions without the Org manager role. So whoever gave you the permissions for this org should be the one deleting your role. So maybe it wasn't intentional that you could delete yourself in v2.
So what are the next steps for this issue? There is some logic to being able to remove your own roles if they are no longer needed. But from what the PM said, it sounds like v2 had a bug and this issue should be closed.
I think that this was an oversight when implementing the v3 roles logic. Users should be able to leave spaces and organizations that they are members of.
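
The two authorization behaviours discussed in this thread, side by side, as an added Ruby example that is not part of the original issue and is not cloud_controller_ng code. The `Role` struct, the method names and the sample GUIDs are all hypothetical, and the role table is constructed data.

```ruby
# Added illustration; hypothetical names, not cloud_controller_ng code.
Role = Struct.new(:guid, :type, :user_guid, :org_guid)

# Constructed sample data: two orgs, one manager in each.
ROLES = [
  Role.new('role-1', 'organization_manager', 'user-alice', 'org-1'),
  Role.new('role-2', 'organization_user',    'user-bob',   'org-1'),
  Role.new('role-3', 'organization_auditor', 'user-carol', 'org-1'),
  Role.new('role-4', 'organization_manager', 'user-dave',  'org-2')
].freeze

def find_role(guid, roles = ROLES)
  roles.find { |r| r.guid == guid }
end

def org_manager?(actor_guid, org_guid, roles = ROLES)
  roles.any? do |r|
    r.user_guid == actor_guid && r.org_guid == org_guid &&
      r.type == 'organization_manager'
  end
end

# Behaviour reported for DELETE /v3/roles/:guid: only a manager of the
# role's own org may delete it.
def manager_only_delete?(actor_guid, role, roles = ROLES)
  org_manager?(actor_guid, role.org_guid, roles)
end

# Behaviour requested in the issue: a manager of the role's org, or the
# user the role belongs to. actor_guid must come from the authenticated
# token, never from a request parameter, or the self check is spoofable.
def manager_or_self_delete?(actor_guid, role, roles = ROLES)
  return true if org_manager?(actor_guid, role.org_guid, roles)

  role.user_guid == actor_guid
end

# Decision table over a few constructed actor/role pairs.
[%w[user-bob role-2], %w[user-bob role-3],
 %w[user-alice role-2], %w[user-dave role-2]].each do |actor, role_guid|
  role = find_role(role_guid)
  puts format('%-10s deletes %-6s manager_only=%-5s manager_or_self=%s',
              actor, role_guid,
              manager_only_delete?(actor, role),
              manager_or_self_delete?(actor, role))
end
```

Only the first pair (a user deleting their own Org User role) changes between the two policies; deleting another user's role and acting as a manager of a different org stay denied under both.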